WEBINAR:On-Demand

There are only a few changes from the basic configuration. You first changed the inside IP address to reflect the separate network between the PIX and the interior router. The two
global commands shown next assign both NAT and PAT to be used by the inside hosts.
Because you used a range of IP addresses, the first global command allows for each host on the LAN to get a dynamically assigned global address, or NAT. Once all of the available global IP addresses are in use, any hosts attempting to connect to the outside will use PAT.
The second global line is critical because it assigns one address for use with PAT. If a single address is not reserved for use by PAT, hosts will simply not be able to get through the PIX.

The users will think that the Internet connection has been dropped, because they will
receive no indication of a problem other than a lack of connection.

You might wonder why the range of IP addresses starts at 50 in the first global command.
This allows servers to have static IP addresses. The number 50 was arbitrarily chosen.
Whatever number is chosen ensures that there are sufficient reserved IP addresses for all
servers on the network. You could have also reserved a set of IP addresses on the upper end
of the network. The inside and outside routes were also changed to reflect the network as
shown in Figure 4-6. You are now actually ready to allow users on the Internet to access
your e-mail, FTP, and Web services.

Setting up to allow e-mail to traverse the PIX requires a few new commands. This replaces the mailhost command in previous versions of the PIX. These commands are covered later in this section. Enter the following lines into the PIX configuration.

That is all that is required to allow SMTP packets to traverse the PIX to the server with the
10.1.1.49 IP address. Users outside the PIX will see this server as 192.168.1.49. Packets
sent to 192.168.1.49 will have NAT applied to them and will be forwarded to 10.1.1.49.
Only the SMTP commands HELLO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT are allowed through the PIX. The response to all other SMTP commands is an OK packet from the PIX. You added two new commands here, the static and the conduit commands. Each of them will be examined before moving on to the FTP and Web servers.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.

Thanks for your registration, follow us on our social networks to keep up-to-date